TruSTAR Marketing LLC, dba TruSTAR Creative is considered a healthcare clearinghouse under the rules of Health Insurance Portability and Accountability Act of 1996, otherwise known as the Health Information Technology for Economic and Clinical Health Act “HITECH” collectively know as “HIPAA”. A healthcare clearinghouse, when considered a “covered entity” by HIPAA, is an organization that performs one or both of the following functions:
– Processes or facilitates the processing of health information received from another entity in nonstandard format and/or data content into standard data elements or a standard transaction; – Receives a standard transaction from another entity and processes or facilitates the processing of that health information into nonstandard format and/or nonstandard data content for the receiving entity.
A healthcare clearinghouse may also be a “business associate” according to HIPAA. As a business associate, a clearinghouse could send or receive healthcare transactions without the requirement for translation between standard and nonstandard format and/or data content. As a Business Associate, TruStar Creative agrees to:
(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law; (b) Use appropriate safeguards, and comply with respect to electronic protected health information, to prevent use or disclosure of protected health information; (d) Ensure any subcontractors that create, receive, maintain, or transmit protected health information on behalf of TruStar Creative agree to the same restrictions, conditions, and requirements that apply to us with respect to such information.
TruStar Creative has a Privacy Official, who ensures the office is implementing the privacy policies required by HIPAA and that we are safeguarding any and all individually identifiable health information. TruStar Creative uses the services of business associates. Examples of business associates would include: other clearinghouses, accounting firms and consulting firms. We take required steps, including executing contracts with each business associate to ensure the associate is also protecting the privacy of individually identifiable health information. We monitor the activities of our business associates to ensure HIPAA compliance. Monitoring of activities and specific responsibilities and duties of each business associate is documented in a specific agreement, called a Business Associate Agreement, between us and our business associates. Each employee of TruStar Creative, who has access to protected health information, receives training in the policies and procedures for the use, disclosure and safeguarding of the information. Training sessions are documented and kept on file. TruStar Creative complies with each of the four parts of the security rule: administrative procedures, physical safeguards, technical security services and technical security mechanisms. Our Security Official is responsible for ensuring policies and procedures are documented and implemented. Reference Site: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html